d7d484d6b2d7687ca2cfb8f1c4bb817eae0539249b867d68aefc389750c57b64

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fdfb8964e41fecbfdbe8954452ac079.exe
Size

2.7MB
MD5

0fdfb8964e41fecbfdbe8954452ac079
SHA1

dbcf49c5b9fe3e091d2b23f7e178661786a73a3e
SHA256

d7d484d6b2d7687ca2cfb8f1c4bb817eae0539249b867d68aefc389750c57b64
SHA512

3aa5cf9eb9a62666150151d08ec55dd988638252599f16b210d572eb5da25383b6a16bfc28505c0ae4a17ae8fea6718ac01e3a164b874d56f46b5a01860d5802
SSDEEP

49152:KKC4xe1n0NsD33gG/NX848EfgZz4R9F/GoSZvWJvC4r8epQJkxTTR9j:Y4tN63Qu8tiHpGJmq1epQJCHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3056	0fdfb8964e41fecbfdbe8954452ac079.exe

Executes dropped EXE 1 IoCs

pid	Process
3056	0fdfb8964e41fecbfdbe8954452ac079.exe

Loads dropped DLL 1 IoCs

pid	Process
2644	0fdfb8964e41fecbfdbe8954452ac079.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2644-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000900000001225c-10.dat	upx
behavioral1/files/0x000900000001225c-14.dat	upx
behavioral1/memory/3056-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2644	0fdfb8964e41fecbfdbe8954452ac079.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2644	0fdfb8964e41fecbfdbe8954452ac079.exe
3056	0fdfb8964e41fecbfdbe8954452ac079.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 3056	2644	0fdfb8964e41fecbfdbe8954452ac079.exe	28
PID 2644 wrote to memory of 3056	2644	0fdfb8964e41fecbfdbe8954452ac079.exe	28
PID 2644 wrote to memory of 3056	2644	0fdfb8964e41fecbfdbe8954452ac079.exe	28
PID 2644 wrote to memory of 3056	2644	0fdfb8964e41fecbfdbe8954452ac079.exe	28

C:\Users\Admin\AppData\Local\Temp\0fdfb8964e41fecbfdbe8954452ac079.exe
"C:\Users\Admin\AppData\Local\Temp\0fdfb8964e41fecbfdbe8954452ac079.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\0fdfb8964e41fecbfdbe8954452ac079.exe
  C:\Users\Admin\AppData\Local\Temp\0fdfb8964e41fecbfdbe8954452ac079.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0fdfb8964e41fecbfdbe8954452ac079.exe

Filesize
2.7MB

MD5
ede5d3b0f348701b71cc27a809131e8b

SHA1
352b255e135f2bb3f34cc9cc83afe8a0ed88903e

SHA256
93beb56692a1aa1aac49e6435420a7e31b7ee81667a23cf9b11d5e3931d25a55

SHA512
b2c0c8d2a1b4bb0a039e0c5080db25a62d1c32ce37e4156ab13017d026b0ce2fec75c0fc41d98f8c9e6624533051f953053ecd27c9f13cef319ae0263aab315e

Download Submit
\Users\Admin\AppData\Local\Temp\0fdfb8964e41fecbfdbe8954452ac079.exe

Filesize
640KB

MD5
55bab2bc6a01db979712583f89f7ce40

SHA1
e4f798c671a456873826d4ab4659529019b7e2c5

SHA256
ad5d2d1c6d5c279b376e36e0a4f56bec192c391c634b04e986503b89dc60af17

SHA512
489b98b4e60f79e95e00bf5ba7bacdcea0d495b015a5197184d592a627798767dc5c90c3d622ec0c0b2a353502c8bb7434264023f2e47d01b704fd214cb6bbfb

Download Submit
memory/2644-15-0x0000000003780000-0x0000000003C67000-memory.dmp

Filesize
4.9MB

Download
memory/2644-3-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2644-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2644-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2644-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2644-31-0x0000000003780000-0x0000000003C67000-memory.dmp

Filesize
4.9MB

Download
memory/3056-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3056-17-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/3056-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3056-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3056-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/3056-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download